
If you want to allow HTTPS from your internal network to the outside network,
then you can achieve it by using an access list. Allow only port 443 from
inside to outside in an access list and apply that access list on the
inside interface of the ASA in the inward direction.

Hi,
If you want to block HTTPS traffic for Facebook, I suggest creating one network object group [as Facebook has multiple servers], adding all Facebook server IPs to the group [do an nslookup for facebook.com], and blocking port 443.

Cisco ASA devices cannot inspect HTTPS traffic. All they see is an encrypted stream. So, if a user in an HTTPS session clicks an HTTPS link to Facebook, then it will not be blocked using most of these methods.

The IP list block is OK for a while but will begin to fail over time as Facebook obtains new servers, IPs, and endpoints.

The best way I've found is to return 127.0.0.1 or some other IP for Facebook by creating a dummy zone on your DNS server for facebook.com.
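The remark above that an IP list block fails over time can be checked mechanically. This is an added example, not code from the thread: it parses an ASA `object-group network` block and reports addresses that DNS currently returns but the group does not cover. The group name `FACEBOOK_SERVERS`, the ACL name `INSIDE_IN`, and all addresses (documentation ranges) are constructed placeholders.

```python
import ipaddress
import re
import socket

# Constructed sample: an ASA object-group as the thread suggests building it.
# The group name and the documentation-range addresses are placeholders.
SAMPLE_CONFIG = """\
object-group network FACEBOOK_SERVERS
 network-object host 192.0.2.10
 network-object host 192.0.2.11
 network-object 198.51.100.0 255.255.255.0
access-list INSIDE_IN extended deny tcp any object-group FACEBOOK_SERVERS eq 443
"""

def parse_object_group(config, group):
    """Return the IPv4 networks listed under 'object-group network <group>'."""
    nets, inside = [], False
    for line in config.splitlines():
        if not line.startswith(" "):  # a top-level line starts or ends a block
            inside = line.split() == ["object-group", "network", group]
            continue
        if not inside:
            continue
        m = re.match(r"\s+network-object host (\d\S*)$", line)
        if m:
            nets.append(ipaddress.ip_network(m.group(1) + "/32"))
            continue
        m = re.match(r"\s+network-object (\d\S*) (\d\S*)$", line)
        if m:  # "address netmask" form
            nets.append(ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}"))
    return nets

def uncovered(resolved, nets):
    """Addresses DNS currently returns that no group entry matches."""
    return sorted(a for a in resolved
                  if not any(ipaddress.ip_address(a) in n for n in nets))

def resolve_v4(name):
    """Current A records for name (needs network access; unused by the sample)."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(name, 443, socket.AF_INET)})

if __name__ == "__main__":
    group = parse_object_group(SAMPLE_CONFIG, "FACEBOOK_SERVERS")
    # Constructed resolver answers standing in for resolve_v4("facebook.com").
    answers = ["192.0.2.10", "198.51.100.77", "203.0.113.5"]
    print("not in object-group:", uncovered(answers, group))
```

Any address it reports is one the port 443 deny rule would not match, so the group needs updating or the DNS approach is the better control.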

Copyright 1998-2015 Ziff Davis, LLC (Toolbox.com). All rights reserved. All product names are trademarks of their respective companies. Toolbox.com is not
affiliated with or endorsed by any company listed at this site.